Not So Know-It-All: Just 12% of Employees Are Fully Aware of Their Organization’s IT Security Policies

A lack of IT security awareness remains a worrying reality for businesses around the world, according to a recent study of consumers conducted by Kaspersky Lab and B2B International.

A lack of IT security awareness remains a worrying reality for businesses around the world, according to a recent study of consumers conducted by Kaspersky Lab and B2B International. The research found that just one tenth (12%) of employed respondents are fully aware of the IT security policies and rules set in the organizations they work for. This, combined with the fact that half (49%) of employees consider protection from cyberthreats a shared responsibility, presents additional challenges when it comes to setting the right cybersecurity framework.

The study of 7,993 full-time employees which asked about policies and responsibilities for corporate IT security also revealed that 24% of employees believe there are no established policies in their organizations at all. Interestingly, it seems that ignorance of the rules is no excuse, as around half (49%) of the respondents think all employees, including themselves, should take responsibility for protecting corporate IT assets from cyberthreats.

This discrepancy could be particularly dangerous for smaller businesses, where there is no dedicated IT security function and responsibilities are distributed among IT and non-IT personnel. Neglecting even basic requirements, such as changing passwords or installing necessary updates, could jeopardize overall business protection. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company’s critical data are usually most at risk of being targeted.

To deal with this problem, small and medium-sized businesses would benefit from regular IT security awareness training for staff and from products tailored to their specific needs. For example, Kaspersky Endpoint Security Cloud includes features such as preconfigured security settings, immediate protection across all devices and easy management capabilities that do not require in-depth expertise from its administrator, thereby reducing the burden on overstretched IT teams.

“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed. Not only can employees themselves fall victims of cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should pay attention to educating staff and introducing easy to use and manage, but still powerful solutions that make this achievable for those who are not experts in IT security.” – said Vladimir Zapolyansky, Head of SMB Business at Kaspersky Lab.

Kaspersky Lab’s SMB portfolio includes products that cover the various needs of very small, small and medium-sized businesses. Smaller businesses would benefit from the combination of powerful protection and ease of management in Kaspersky Small Office Security and Kaspersky Endpoint Security Cloud, while larger companies may find more use in the advanced security settings and targeted applications for enhanced mobile, server and email protection found in the Kaspersky Endpoint Security for Business suite.

To learn more about how employees can put businesses in danger, please read the full report “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within” on our blog.